public override void Hook()
{
//dev.SetCooperativeLevel(new System.Windows.Forms.Form(), CooperativeLevelFlags.Normal);
//desc.SurfaceCaps.OffScreenPlain = true;
//desc.Height = 300;
//desc.Width = 300;
//s1 = new Microsoft.DirectX.DirectDraw.Surface(desc, dev);
this.DebugMessage("Hook: DD Begin");
// First we need to determine the function address for IDirect3DDevice9
SlimDX.Direct3D9.Device mydevice;
List<IntPtr> id3dDeviceFunctionAddresses = new List<IntPtr>();
this.DebugMessage("Hook: Before device creation");
using (Direct3D d3d = new Direct3D())
{
this.DebugMessage("Hook: Device created");
using (mydevice = new SlimDX.Direct3D9.Device(d3d, 0, DeviceType.NullReference, IntPtr.Zero, SlimDX.Direct3D9.CreateFlags.HardwareVertexProcessing, new PresentParameters() { BackBufferWidth = 1, BackBufferHeight = 1 }))
{
id3dDeviceFunctionAddresses.AddRange(GetVTblAddresses(mydevice.ComPointer, D3D9_DEVICE_METHOD_COUNT));
}
}
int r;
IntPtr ir;
#region Test - try to find dd surface blt method addr
IDirectDraw7 mydd;
Type DDinterfaceType = typeof(IDirectDrawSurface);
DirectDrawCreate(IntPtr.Zero, out mydd, IntPtr.Zero);
this.DebugMessage("Created directDraw object");
IDirectDrawSurface mysurface;
r = mydd.SetCooperativeLevel(IntPtr.Zero, new IntPtr(1));
this.DebugMessage("Setcooperativelevel, returned: " + r.ToString());
DDSURFACEDESC2 ddesc = new DDSURFACEDESC2();
ddesc.dwSize = 124;
ddesc.ddsCaps.dwCaps = 64;
ddesc.dwFlags = 7;
ddesc.dwHeight = 300;
ddesc.dwWidth = 300;
ir = mydd.CreateSurface(ref ddesc, out mysurface, IntPtr.Zero);
//ir = mydd.CreateSurface(0x0018fbf8, out mysurface, IntPtr.Zero);
this.DebugMessage("Created directDraw surface, returned: " + ir.ToString() );
IntPtr ddinterfaceIntPtr = Marshal.GetComInterfaceForObject(mysurface, DDinterfaceType);
unsafe
{
int* faddr;
int*** ddinterfaceRawPtr = (int***)ddinterfaceIntPtr.ToPointer();
int** vTable = *ddinterfaceRawPtr;
this.DebugMessage("directDraw surface intptr, returned: " + ddinterfaceIntPtr.ToString());
MethodInfo mi = DDinterfaceType.GetMethod("Blt");
int mi_vto = Marshal.GetComSlotForMethodInfo(mi);
faddr = vTable[mi_vto];
this.DebugMessage("Hook: comslot: " + mi_vto.ToString ());
this.DebugMessage("Hook: final blt addr: " + (int)faddr);
DirectDrawSurface_BltHook = LocalHook.Create(new System.IntPtr(faddr), new DirectDrawSurface_BltDelegate(BltHook), this);
}
#endregion
#region Test - try to find device addr my way, and FOUND IT!
Type interfaceType = typeof(IDirect3DDevice9);
IDirect3D9 d = Direct3DCreate9(32);
IDirect3DDevice9 mydevice2;
D3DPRESENT_PARAMETERS2 d3dpp = new D3DPRESENT_PARAMETERS2();
d3dpp.Windowed = 1;
d3dpp.SwapEffect = D3DSWAPEFFECT.D3DSWAPEFFECT_DISCARD ;
d3dpp.BackBufferFormat = D3DFORMAT.D3DFMT_A8R8G8B8;
d3dpp.EnableAutoDepthStencil = 1;
d3dpp.AutoDepthStencilFormat = D3DFORMAT.D3DFMT_D16;
r = d.CreateDevice(0, D3DDEVTYPE.D3DDEVTYPE_NULLREF, IntPtr.Zero, CreateFlags.D3DCREATE_MIXED_VERTEXPROCESSING, ref d3dpp, out mydevice2);
this.DebugMessage("Hook: Device create return 2.0 " + r.ToString ());
IntPtr interfaceIntPtr = Marshal.GetComInterfaceForObject(mydevice2, interfaceType);
unsafe {int*** interfaceRawPtr = (int***)interfaceIntPtr.ToPointer();
int** vTable = *interfaceRawPtr;
this.DebugMessage("Hook: ih com ptr " + mydevice.ComPointer.ToString ());
this.DebugMessage("Hook: my com ptr (interface int ptr) " + interfaceIntPtr.ToString() );
MethodInfo mi = interfaceType.GetMethod("EndScene");
int mi_vto = Marshal.GetComSlotForMethodInfo(mi);
int* faddr = vTable[mi_vto];
this.DebugMessage("Hook: ih addr to end_scene " + id3dDeviceFunctionAddresses[(int)Direct3DDevice9FunctionOrdinals.EndScene]);
this.DebugMessage("Hook: my addr to end_scene " + (int)faddr);
}
#endregion
// We want to hook each method of the IDirect3DDevice9 interface that we are interested in
// 42 - EndScene (we will retrieve the back buffer here)
Direct3DDevice_EndSceneHook = LocalHook.Create(
id3dDeviceFunctionAddresses[(int)Direct3DDevice9FunctionOrdinals.EndScene],
// On Windows 7 64-bit w/ 32-bit app and d3d9 dll version 6.1.7600.16385, the address is equiv to:
// (IntPtr)(GetModuleHandle("d3d9").ToInt32() + 0x1ce09),
// A 64-bit app would use 0xff18
// Note: GetD3D9DeviceFunctionAddress will output these addresses to a log file
new Direct3D9Device_EndSceneDelegate(EndSceneHook),
this);
// 16 - Reset (called on resolution change or windowed/fullscreen change - we will reset some things as well)
Direct3DDevice_ResetHook = LocalHook.Create(
id3dDeviceFunctionAddresses[(int)Direct3DDevice9FunctionOrdinals.Reset],
// On Windows 7 64-bit w/ 32-bit app and d3d9 dll version 6.1.7600.16385, the address is equiv to:
//(IntPtr)(GetModuleHandle("d3d9").ToInt32() + 0x58dda),
// A 64-bit app would use 0x3b3a0
// Note: GetD3D9DeviceFunctionAddress will output these addresses to a log file
new Direct3D9Device_ResetDelegate(ResetHook),
this);
/*
* Don't forget that all hooks will start deactivated...
* The following ensures that all threads are intercepted:
* Note: you must do this for each hook.
*/
Direct3DDevice_EndSceneHook.ThreadACL.SetExclusiveACL(new Int32[1]);
Direct3DDevice_ResetHook.ThreadACL.SetExclusiveACL(new Int32[1]);
DirectDrawSurface_BltHook.ThreadACL.SetExclusiveACL(new Int32[1]);
this.DebugMessage("Hook: End");
}
public override void Hook()
{
int r;
IntPtr ir;
#region Test - try to find dd surface blt method addr
Type DDinterfaceType = typeof(IDirectDrawSurface);
Type DDinterfaceType2 = typeof(IDirectDraw7);
DirectDrawCreate(IntPtr.Zero, out mydd, IntPtr.Zero);
this.DebugMessage("Created directDraw object");
r = mydd.SetCooperativeLevel(IntPtr.Zero, new IntPtr(8));
DDSURFACEDESC2 ddesc = new DDSURFACEDESC2();
ddesc.dwSize = 124;
ddesc.ddsCaps.dwCaps = 64;
ddesc.dwFlags = 7; //7 + 128 (alphabitdepth) + 4096 (pixelformat)
ddesc.dwHeight = 1920;
ddesc.dwWidth = 1080;
//ddesc.dwAlphaBitDepth = 8;
ir = mydd.CreateSurface(ref ddesc, out mysurface, IntPtr.Zero);
ddinterfaceIntPtr = Marshal.GetComInterfaceForObject(mysurface, DDinterfaceType);
ddinterfaceIntPtr2 = Marshal.GetComInterfaceForObject(mydd, DDinterfaceType2);
unsafe
{
int* faddr; int* faddr3; int* faddr6; int* faddr7;
int*** ddinterfaceRawPtr = (int***)ddinterfaceIntPtr.ToPointer();
int** vTable = *ddinterfaceRawPtr;
int*** ddinterfaceRawPtr2 = (int***)ddinterfaceIntPtr2.ToPointer();
int** vTable2 = *ddinterfaceRawPtr2;
MethodInfo mi = DDinterfaceType.GetMethod("Blt");
MethodInfo mi2 = DDinterfaceType2.GetMethod("SetCooperativeLevel");
int mi_vto = Marshal.GetComSlotForMethodInfo(mi);
int mi_vto2 = Marshal.GetComSlotForMethodInfo(mi);
faddr = vTable[mi_vto];
DirectDrawSurface_BltHook = LocalHook.Create(new System.IntPtr(faddr), new DirectDrawSurface_BltDelegate(BltHook), this);
//faddr2 = vTable[2];
//DirectDrawSurface_ReleaseHook = LocalHook.Create(new System.IntPtr(faddr2), new DirectDrawSurface_ReleaseDelegate(ReleaseHook), this);
faddr3 = vTable[11];
DirectDrawSurface_FlipHook = LocalHook.Create(new System.IntPtr(faddr3), new DirectDrawSurface_FlipDelegate(FlipHook), this);
//faddr4 = vTable[25];
//DirectDrawSurface_LockHook = LocalHook.Create(new System.IntPtr(faddr4), new DirectDrawSurface_LockDelegate(LockHook), this);
//faddr5 = vTable[32];
//DirectDrawSurface_UnlockHook = LocalHook.Create(new System.IntPtr(faddr5), new DirectDrawSurface_UnlockDelegate(UnlockHook), this);
//faddr6 = vTable2[20];
//DirectDraw_SetCooperativeLevelHook = LocalHook.Create(new System.IntPtr(faddr6), new Delegate_SetCooperativeLevel(SetCooperativeLevel_Hooked), this);
faddr6 = vTable2[21];
DirectDraw_SetDisplayModeHook = LocalHook.Create(new System.IntPtr(faddr6), new Delegate_SetDisplayModeHook(SetDisplayModeHook_Hooked), this);
faddr7 = vTable2[19];
DirectDraw_RestoreDisplayModeHook = LocalHook.Create(new System.IntPtr(faddr7), new Delegate_RestoreDisplayModeHook(RestoreDisplayModeHook_Hooked), this);
faddrX = new System.IntPtr(faddr6);
faddrX2 = new System.IntPtr(faddr7);
Marshal.Release(ddinterfaceIntPtr);
Marshal.Release(ddinterfaceIntPtr2);
Marshal.FinalReleaseComObject(mydd);
Marshal.FinalReleaseComObject(mysurface);
}
#endregion
//mysurface.GetDC(out hdc);
//mysurface.ReleaseDC(hdc);
/*
System.Collections.ArrayList mm = new System.Collections.ArrayList();
mm.Add ("qwrwqer");
mm.Add ("hyrereyre");
mm.Add ("rhdthdfghdfghdfh");
mm.Add ("safxcvbxcvbvb");
mm.Add("safxcvbxcvbvb");
mm.Add("safxcvbxcvbvb");
mm.Add("safxcvbxcvbvb");
mm.Add("safxcvbxcvbvb");
mm.Add("safxcvbxcvbvb");
mm.Add("safxcvbxcvbvb");
mm.Add("safxcvbxcvbvb");
mm.Add("safxcvbxcvbvb");
mm.Add("safxcvbxcvbvb");
mymenu = new ClassLibrary1.Menu(new IntPtr(0), mm, 0, false, new Rectangle(1, 1, 1, 1));
using (MemoryStream stream = new MemoryStream())
{
mymenu.getEntireImage().Save(stream, System.Drawing.Imaging.ImageFormat.Bmp);
idxhookUpdateimg = stream.ToArray();
}*/
//gfx = Graphics.FromImage(imag);
//gfx.FillRectangle(Brushes.Blue, 0, 0, 350, 350);
DirectDrawSurface_BltHook.ThreadACL.SetExclusiveACL(new Int32[1]);
DirectDrawSurface_FlipHook.ThreadACL.SetExclusiveACL(new Int32[1]);
//DirectDraw_SetCooperativeLevelHook.ThreadACL.SetExclusiveACL(new Int32[1]);
//DirectDrawSurface_LockHook.ThreadACL.SetExclusiveACL(new Int32[1]);
//DirectDrawSurface_UnlockHook.ThreadACL.SetExclusiveACL(new Int32[1]);
//DirectDrawSurface_ReleaseHook.ThreadACL.SetExclusiveACL(new Int32[1]);
DirectDraw_SetDisplayModeHook.ThreadACL.SetExclusiveACL(new Int32[1]);
DirectDraw_RestoreDisplayModeHook.ThreadACL.SetExclusiveACL(new Int32[1]);
this.DebugMessage("Hook: End" + DateTime.Now.ToString() + ":" + DateTime.Now.Millisecond.ToString());
}